<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Security-Policy" content="script-src http://localhost:8000/ http://127.0.0.1:8000/resources/testharness.js http://127.0.0.1:8000/resources/testharnessreport.js http://127.0.0.1:8000/security/contentSecurityPolicy/resources/redirect-does-not-match-paths.js; img-src http://localhost:8000/ http://127.0.0.1:8000/allowed; child-src http://localhost:8000/ http://127.0.0.1:8000/allowed; style-src http://localhost:8000/ http://127.0.0.1:8000/allowed; connect-src http://localhost:8000/ http://127.0.0.1:8000/allowed">
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
    <!-- This URL redirects to
         http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script-redirect-not-allowed.js,
         a URL that is not allowed by the CSP, but should load because it is
         the result of a redirect and it matches when paths are ignored. -->
    <!-- If this script loads and runs, it sets script_loaded to true. -->
    <script src="http://localhost:8000/security/contentSecurityPolicy/resources/redirect.pl?type=script"></script>
    <link rel="stylesheet" type="text/css" href="http://localhost:8000/security/contentSecurityPolicy/resources/redirect.pl?type=stylesheet" />
</head>
<body>
    <script src="resources/redirect-does-not-match-paths.js"></script>
</body>
</html>
